IPsec-AH on the Cisco Border Gateway
The client's IP address (IPADDR) is given in the form IP1.IP2.IP3.IP4.
Format of the access lists
access-list INDEX3 permit ip any host IPADDR
Format of the crypto map entries
crypto map 0xff INDEX1 ipsec-manual
 set peer IPADDR
 set session-key inbound ah INDEX2 {40char-key1}
 set session-key outbound ah INDEX2 {40char-key2}
 set transform-set AH-Only
 match address INDEX3
Calculation of the variables INDEX1, INDEX2 and INDEX3
INDEX1 = (IP3 - 150)*256 + IP4
INDEX2 = 300 + INDEX1
INDEX3 = 2000 + INDEX1
Implementation with HTML::Template (Perl) and a database backend
SQL String
SELECT SUBSTR(ah_key_in,3) as ah_key_in,
       SUBSTR(ah_key_out,3) as ah_key_out,
       conv(SUBSTR(spi,3),16,10) as index2,
       (conv(SUBSTR(spi,3),16,10)-300) as index1,
       (1700+conv(SUBSTR(spi,3),16,10)) as index3,
       net.netip as ip
FROM sa,net
WHERE net.id=sa.net_id
<TMPL_LOOP NAME=table>
access-list <TMPL_VAR NAME=index3> permit ip any host <TMPL_VAR NAME=ip>
crypto map 0xff <TMPL_VAR NAME=index1> ipsec-manual
 set peer <TMPL_VAR NAME=ip>
 set session-key inbound ah <TMPL_VAR NAME=index2> <TMPL_VAR NAME=ah_key_out>
 set session-key outbound ah <TMPL_VAR NAME=index2> <TMPL_VAR NAME=ah_key_in>
 set transform-set AH-Only
 match address <TMPL_VAR NAME=index3>
</TMPL_LOOP>
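The SQL derives the indices from the stored SPI, while the formulas above derive them from the client address, so a row whose SPI does not belong to its IP would silently produce a mismatched crypto map entry. The following Perl script is an added example, not code from the original page: it checks each row against the formulas before filling the template. It assumes that the two characters stripped by SUBSTR(...,3) are "0x" and that keys are 40 hex characters; the function names and the sample row are constructed for illustration.

```perl
use strict;
use warnings;
use HTML::Template;    # CPAN module named on the page

# INDEX1..INDEX3 from the client address, using the page's formulas.
sub indices_from_ip {
    my ($ip) = @_;
    my @o = $ip =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/ or die "bad IPv4 address: $ip\n";
    die "octet out of range in $ip\n" if grep { $_ > 255 } @o;
    my $index1 = ($o[2] - 150) * 256 + $o[3];
    die "INDEX1 < 1 for $ip\n" if $index1 < 1;
    return ($index1, 300 + $index1, 2000 + $index1);
}

# Same derivation as the SQL (strip the prefix, read the SPI as hex), plus checks.
sub row_to_params {
    my ($row) = @_;
    my ($spi_hex) = $row->{spi} =~ /^0x([0-9a-fA-F]+)$/
        or die "SPI is not 0x-prefixed hex: $row->{spi}\n";
    my $index2 = hex $spi_hex;
    my (undef, $expected) = indices_from_ip($row->{ip});
    die "SPI $index2 does not match $row->{ip} (expected $expected)\n"
        if $index2 != $expected;
    my %p = (ip => $row->{ip}, index1 => $index2 - 300,
             index2 => $index2, index3 => 1700 + $index2);
    for my $k (qw(ah_key_in ah_key_out)) {
        ($p{$k}) = $row->{$k} =~ /^0x([0-9a-fA-F]{40})$/
            or die "$k for $row->{ip} is not 0x + 40 hex characters\n";
    }
    return \%p;
}

# Constructed sample row (private address, dummy keys); not real data.
my @rows = ({ ip => '10.0.151.7', spi => '0x233',
              ah_key_in => '0x' . 'a' x 40, ah_key_out => '0x' . 'b' x 40 });
# Template as on the page: inbound takes ah_key_out, outbound takes ah_key_in.
my $text = <<'EOT';
<TMPL_LOOP NAME=table>access-list <TMPL_VAR NAME=index3> permit ip any host <TMPL_VAR NAME=ip>
crypto map 0xff <TMPL_VAR NAME=index1> ipsec-manual
 set peer <TMPL_VAR NAME=ip>
 set session-key inbound ah <TMPL_VAR NAME=index2> <TMPL_VAR NAME=ah_key_out>
 set session-key outbound ah <TMPL_VAR NAME=index2> <TMPL_VAR NAME=ah_key_in>
 set transform-set AH-Only
 match address <TMPL_VAR NAME=index3>
</TMPL_LOOP>
EOT
my $t = HTML::Template->new(scalarref => \$text);
$t->param(table => [ map { row_to_params($_) } @rows ]);
print $t->output;
```

For the sample row the script prints access-list 2263 and crypto map sequence 263 with SPI 563; a row with a malformed key or an SPI that disagrees with its address aborts the run before any configuration is emitted.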